Commit 5339c5219f for openssl.org
commit 5339c5219fc605b47db44041e835ff15a9444f50
Author: Simo Sorce <simo@redhat.com>
Date: Thu Jun 11 10:40:16 2026 -0400
Refactor AES XTS hardware key initialization
Replace complex AES XTS initialization and hardware selection macros
(`XTS_SET_KEY_FN`, `PROV_CIPHER_HW_declare_xts`, and
`PROV_CIPHER_HW_select_xts`) with standard C functions.
Architecture-specific initializers, particularly for RISC-V, are consolidated
to evaluate CPU capabilities within dedicated initialization functions rather
than relying on macro expansion. This refactoring improves overall code
readability, maintainability, and simplifies debugging by eliminating opaque
multi-statement macros.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Sat Jun 27 09:05:44 2026
(Merged from https://github.com/openssl/openssl/pull/31472)
diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c b/providers/implementations/ciphers/cipher_aes_xts_hw.c
index 022fbc7ff0..6b8c7ab4b4 100644
--- a/providers/implementations/ciphers/cipher_aes_xts_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c
@@ -15,32 +15,37 @@
#include "cipher_aes_xts.h"
-#define XTS_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \
- fn_block_enc, fn_block_dec, \
- fn_stream_enc, fn_stream_dec) \
- { \
- size_t bytes = keylen / 2; \
- size_t bits = bytes * 8; \
- \
- if (ctx->enc) { \
- fn_set_enc_key(key, (int)bits, &xctx->ks1.ks); \
- xctx->xts.block1 = (block128_f)fn_block_enc; \
- } else { \
- fn_set_dec_key(key, (int)bits, &xctx->ks1.ks); \
- xctx->xts.block1 = (block128_f)fn_block_dec; \
- } \
- fn_set_enc_key(key + bytes, (int)bits, &xctx->ks2.ks); \
- xctx->xts.block2 = (block128_f)fn_block_enc; \
- xctx->xts.key1 = &xctx->ks1; \
- xctx->xts.key2 = &xctx->ks2; \
- xctx->stream = ctx->enc ? fn_stream_enc : fn_stream_dec; \
+static int cipher_set_aes_xts_initkey(PROV_CIPHER_CTX *ctx,
+ const unsigned char *key, size_t keylen,
+ aes_set_encrypt_key_fn fn_set_enc_key,
+ aes_set_encrypt_key_fn fn_set_dec_key,
+ aes_block128_f fn_block_enc, aes_block128_f fn_block_dec,
+ OSSL_xts_stream_fn fn_stream_enc, OSSL_xts_stream_fn fn_stream_dec)
+{
+ PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
+ size_t bytes = keylen / 2;
+ size_t bits = bytes * 8;
+
+ if (ctx->enc) {
+ fn_set_enc_key(key, (int)bits, &xctx->ks1.ks);
+ xctx->xts.block1 = (block128_f)fn_block_enc;
+ } else {
+ fn_set_dec_key(key, (int)bits, &xctx->ks1.ks);
+ xctx->xts.block1 = (block128_f)fn_block_dec;
}
+ fn_set_enc_key(key + bytes, (int)bits, &xctx->ks2.ks);
+ xctx->xts.block2 = (block128_f)fn_block_enc;
+ xctx->xts.key1 = &xctx->ks1;
+ xctx->xts.key2 = &xctx->ks2;
+ xctx->stream = ctx->enc ? fn_stream_enc : fn_stream_dec;
+
+ return 1;
+}
static int cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx,
const unsigned char *key,
size_t keylen)
{
- PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
OSSL_xts_stream_fn stream_enc = NULL;
OSSL_xts_stream_fn stream_dec = NULL;
@@ -57,34 +62,33 @@ static int cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx,
#ifdef HWAES_xts_decrypt
stream_dec = HWAES_xts_decrypt;
#endif /* HWAES_xts_decrypt */
- XTS_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key,
- HWAES_encrypt, HWAES_decrypt,
- stream_enc, stream_dec);
- return 1;
- } else
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ HWAES_set_encrypt_key, HWAES_set_decrypt_key,
+ HWAES_encrypt, HWAES_decrypt, stream_enc, stream_dec);
+ }
#endif /* HWAES_CAPABLE */
#ifdef BSAES_CAPABLE
- if (BSAES_CAPABLE) {
+ if (BSAES_CAPABLE) {
stream_enc = ossl_bsaes_xts_encrypt;
stream_dec = ossl_bsaes_xts_decrypt;
- } else
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ AES_set_encrypt_key, AES_set_decrypt_key,
+ AES_encrypt, AES_decrypt, stream_enc, stream_dec);
+ }
#endif /* BSAES_CAPABLE */
+
#ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
- XTS_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key,
+ if (VPAES_CAPABLE) {
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ vpaes_set_encrypt_key, vpaes_set_decrypt_key,
vpaes_encrypt, vpaes_decrypt, stream_enc, stream_dec);
- return 1;
- } else
-#endif /* VPAES_CAPABLE */
- {
- (void)0;
- }
- {
- XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key,
- AES_encrypt, AES_decrypt, stream_enc, stream_dec);
}
- return 1;
+#endif /* VPAES_CAPABLE */
+
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ AES_set_encrypt_key, AES_set_decrypt_key,
+ AES_encrypt, AES_decrypt, stream_enc, stream_dec);
}
static void cipher_hw_aes_xts_copyctx(PROV_CIPHER_CTX *dst,
@@ -103,8 +107,6 @@ static void cipher_hw_aes_xts_copyctx(PROV_CIPHER_CTX *dst,
static int cipher_hw_aesni_xts_initkey(PROV_CIPHER_CTX *ctx,
const unsigned char *key, size_t keylen)
{
- PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
-
void (*aesni_xts_enc)(const unsigned char *in,
unsigned char *out,
size_t length,
@@ -131,28 +133,29 @@ static int cipher_hw_aesni_xts_initkey(PROV_CIPHER_CTX *ctx,
}
#endif
- XTS_SET_KEY_FN(aesni_set_encrypt_key, aesni_set_decrypt_key,
- aesni_encrypt, aesni_decrypt,
- aesni_xts_enc, aesni_xts_dec);
- return 1;
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ aesni_set_encrypt_key, aesni_set_decrypt_key,
+ aesni_encrypt, aesni_decrypt, aesni_xts_enc, aesni_xts_dec);
}
-#define PROV_CIPHER_HW_declare_xts() \
- static const PROV_CIPHER_HW aesni_xts = { \
- cipher_hw_aesni_xts_initkey, \
- NULL, \
- cipher_hw_aes_xts_copyctx \
- };
-#define PROV_CIPHER_HW_select_xts() \
- if (AESNI_CAPABLE) \
+static const PROV_CIPHER_HW aesni_xts = {
+ cipher_hw_aesni_xts_initkey,
+ NULL,
+ cipher_hw_aes_xts_copyctx
+};
+
+static const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts_aesni()
+{
+ if (AESNI_CAPABLE)
return &aesni_xts;
+ return NULL;
+}
#elif defined(SPARC_AES_CAPABLE)
static int cipher_hw_aes_xts_t4_initkey(PROV_CIPHER_CTX *ctx,
const unsigned char *key, size_t keylen)
{
- PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
OSSL_xts_stream_fn stream_enc = NULL;
OSSL_xts_stream_fn stream_dec = NULL;
@@ -170,153 +173,109 @@ static int cipher_hw_aes_xts_t4_initkey(PROV_CIPHER_CTX *ctx,
return 0;
}
- XTS_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_set_decrypt_key,
- aes_t4_encrypt, aes_t4_decrypt,
- stream_enc, stream_dec);
- return 1;
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ aes_t4_set_encrypt_key, aes_t4_set_decrypt_key,
+ aes_t4_encrypt, aes_t4_decrypt, stream_enc, stream_dec);
}
-#define PROV_CIPHER_HW_declare_xts() \
- static const PROV_CIPHER_HW aes_xts_t4 = { \
- cipher_hw_aes_xts_t4_initkey, \
- NULL, \
- cipher_hw_aes_xts_copyctx \
- };
-#define PROV_CIPHER_HW_select_xts() \
- if (SPARC_AES_CAPABLE) \
+static const PROV_CIPHER_HW aes_xts_t4 = {
+ cipher_hw_aes_xts_t4_initkey,
+ NULL,
+ cipher_hw_aes_xts_copyctx
+};
+
+static const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts_t4()
+{
+ if (SPARC_AES_CAPABLE)
return &aes_xts_t4;
+ return NULL;
+}
#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
-static int cipher_hw_aes_xts_rv64i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx,
- const unsigned char *key,
- size_t keylen)
+static int cipher_hw_aes_xts_rv64i_initkey(PROV_CIPHER_CTX *ctx,
+ const unsigned char *key, size_t keylen)
{
- PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
- OSSL_xts_stream_fn stream_enc = NULL;
- OSSL_xts_stream_fn stream_dec = NULL;
+ if (RISCV_HAS_ZVBB() && RISCV_HAS_ZVKG() && RISCV_HAS_ZVKNED() && riscv_vlen() >= 128) {
+ /* Zvkned only supports 128 and 256 bit keys. */
+ if (keylen * 8 == 128 * 2 || keylen * 8 == 256 * 2)
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ rv64i_zvkned_set_encrypt_key, rv64i_zvkned_set_decrypt_key,
+ rv64i_zvkned_encrypt, rv64i_zvkned_decrypt,
+ rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt,
+ rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt);
+
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ AES_set_encrypt_key, AES_set_encrypt_key,
+ rv64i_zvkned_encrypt, rv64i_zvkned_decrypt, NULL, NULL);
+ }
- XTS_SET_KEY_FN(rv64i_zkne_set_encrypt_key, rv64i_zknd_set_decrypt_key,
- rv64i_zkne_encrypt, rv64i_zknd_decrypt,
- stream_enc, stream_dec);
- return 1;
-}
+ if (RISCV_HAS_ZVKNED() && riscv_vlen() >= 128) {
+ /* Zvkned only supports 128 and 256 bit keys. */
+ if (keylen * 8 == 128 * 2 || keylen * 8 == 256 * 2)
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ rv64i_zvkned_set_encrypt_key, rv64i_zvkned_set_decrypt_key,
+ rv64i_zvkned_encrypt, rv64i_zvkned_decrypt, NULL, NULL);
-static int cipher_hw_aes_xts_rv64i_zvbb_zvkg_zvkned_initkey(
- PROV_CIPHER_CTX *ctx, const unsigned char *key, size_t keylen)
-{
- PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
- OSSL_xts_stream_fn stream_enc = NULL;
- OSSL_xts_stream_fn stream_dec = NULL;
-
- /* Zvkned only supports 128 and 256 bit keys. */
- if (keylen * 8 == 128 * 2 || keylen * 8 == 256 * 2) {
- XTS_SET_KEY_FN(rv64i_zvkned_set_encrypt_key,
- rv64i_zvkned_set_decrypt_key, rv64i_zvkned_encrypt,
- rv64i_zvkned_decrypt,
- rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt,
- rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt);
- } else {
- XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_encrypt_key,
- rv64i_zvkned_encrypt, rv64i_zvkned_decrypt,
- stream_enc, stream_dec);
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ AES_set_encrypt_key, AES_set_encrypt_key,
+ rv64i_zvkned_encrypt, rv64i_zvkned_decrypt, NULL, NULL);
}
- return 1;
-}
-static int cipher_hw_aes_xts_rv64i_zvkned_initkey(PROV_CIPHER_CTX *ctx,
- const unsigned char *key,
- size_t keylen)
-{
- PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
- OSSL_xts_stream_fn stream_enc = NULL;
- OSSL_xts_stream_fn stream_dec = NULL;
+ if (RISCV_HAS_ZKND_AND_ZKNE())
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ rv64i_zkne_set_encrypt_key, rv64i_zknd_set_decrypt_key,
+ rv64i_zkne_encrypt, rv64i_zknd_decrypt, NULL, NULL);
- /* Zvkned only supports 128 and 256 bit keys. */
- if (keylen * 8 == 128 * 2 || keylen * 8 == 256 * 2) {
- XTS_SET_KEY_FN(rv64i_zvkned_set_encrypt_key,
- rv64i_zvkned_set_decrypt_key,
- rv64i_zvkned_encrypt, rv64i_zvkned_decrypt,
- stream_enc, stream_dec);
- } else {
- XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_encrypt_key,
- rv64i_zvkned_encrypt, rv64i_zvkned_decrypt,
- stream_enc, stream_dec);
- }
- return 1;
+ return 0;
}
-#define PROV_CIPHER_HW_declare_xts() \
- static const PROV_CIPHER_HW aes_xts_rv64i_zknd_zkne = { \
- cipher_hw_aes_xts_rv64i_zknd_zkne_initkey, \
- NULL, \
- cipher_hw_aes_xts_copyctx \
- }; \
- static const PROV_CIPHER_HW aes_xts_rv64i_zvkned = { \
- cipher_hw_aes_xts_rv64i_zvkned_initkey, \
- NULL, \
- cipher_hw_aes_xts_copyctx \
- }; \
- static const PROV_CIPHER_HW aes_xts_rv64i_zvbb_zvkg_zvkned = { \
- cipher_hw_aes_xts_rv64i_zvbb_zvkg_zvkned_initkey, \
- NULL, \
- cipher_hw_aes_xts_copyctx \
- };
-
-#define PROV_CIPHER_HW_select_xts() \
- if (RISCV_HAS_ZVBB() && RISCV_HAS_ZVKG() && RISCV_HAS_ZVKNED() && riscv_vlen() >= 128) \
- return &aes_xts_rv64i_zvbb_zvkg_zvkned; \
- if (RISCV_HAS_ZVKNED() && riscv_vlen() >= 128) \
- return &aes_xts_rv64i_zvkned; \
- else if (RISCV_HAS_ZKND_AND_ZKNE()) \
- return &aes_xts_rv64i_zknd_zkne;
+static const PROV_CIPHER_HW aes_xts_rv64i = {
+ cipher_hw_aes_xts_rv64i_initkey,
+ NULL,
+ cipher_hw_aes_xts_copyctx
+};
+
+static const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts_rv64i()
+{
+ if ((RISCV_HAS_ZVKNED() && riscv_vlen() >= 128)
+ || RISCV_HAS_ZKND_AND_ZKNE())
+ return &aes_xts_rv64i;
+ return NULL;
+}
#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
-static int cipher_hw_aes_xts_rv32i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx,
- const unsigned char *key,
- size_t keylen)
+static int cipher_hw_aes_xts_rv32i_initkey(PROV_CIPHER_CTX *ctx,
+ const unsigned char *key, size_t keylen)
{
- PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
-
- XTS_SET_KEY_FN(rv32i_zkne_set_encrypt_key, rv32i_zknd_zkne_set_decrypt_key,
- rv32i_zkne_encrypt, rv32i_zknd_decrypt,
- NULL, NULL);
- return 1;
+ if (RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE())
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ rv32i_zbkb_zkne_set_encrypt_key,
+ rv32i_zbkb_zknd_zkne_set_decrypt_key,
+ rv32i_zkne_encrypt, rv32i_zknd_decrypt, NULL, NULL);
+
+ if (RISCV_HAS_ZKND_AND_ZKNE())
+ return cipher_set_aes_xts_initkey(ctx, key, keylen,
+ rv32i_zkne_set_encrypt_key, rv32i_zknd_zkne_set_decrypt_key,
+ rv32i_zkne_encrypt, rv32i_zknd_decrypt, NULL, NULL);
+
+ return 0;
}
-static int cipher_hw_aes_xts_rv32i_zbkb_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx,
- const unsigned char *key,
- size_t keylen)
-{
- PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
+static const PROV_CIPHER_HW aes_xts_rv32i = {
+ cipher_hw_aes_xts_rv32i_initkey,
+ NULL,
+ cipher_hw_aes_xts_copyctx
+};
- XTS_SET_KEY_FN(rv32i_zbkb_zkne_set_encrypt_key, rv32i_zbkb_zknd_zkne_set_decrypt_key,
- rv32i_zkne_encrypt, rv32i_zknd_decrypt,
- NULL, NULL);
- return 1;
+static const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts_rv32i()
+{
+ if (RISCV_HAS_ZKND_AND_ZKNE())
+ return &aes_xts_rv32i;
+ return NULL;
}
-#define PROV_CIPHER_HW_declare_xts() \
- static const PROV_CIPHER_HW aes_xts_rv32i_zknd_zkne = { \
- cipher_hw_aes_xts_rv32i_zknd_zkne_initkey, \
- NULL, \
- cipher_hw_aes_xts_copyctx \
- }; \
- static const PROV_CIPHER_HW aes_xts_rv32i_zbkb_zknd_zkne = { \
- cipher_hw_aes_xts_rv32i_zbkb_zknd_zkne_initkey, \
- NULL, \
- cipher_hw_aes_xts_copyctx \
- };
-#define PROV_CIPHER_HW_select_xts() \
- if (RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE()) \
- return &aes_xts_rv32i_zbkb_zknd_zkne; \
- if (RISCV_HAS_ZKND_AND_ZKNE()) \
- return &aes_xts_rv32i_zknd_zkne;
-#else
-/* The generic case */
-#define PROV_CIPHER_HW_declare_xts()
-#define PROV_CIPHER_HW_select_xts()
#endif
static const PROV_CIPHER_HW aes_generic_xts = {
@@ -324,8 +283,23 @@ static const PROV_CIPHER_HW aes_generic_xts = {
NULL,
cipher_hw_aes_xts_copyctx
};
-PROV_CIPHER_HW_declare_xts()
- const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts(size_t keybits)
+
+const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts(size_t keybits)
{
- PROV_CIPHER_HW_select_xts() return &aes_generic_xts;
+ const PROV_CIPHER_HW *aes_xts_hw = NULL;
+
+#if defined(AESNI_CAPABLE)
+ aes_xts_hw = ossl_prov_cipher_hw_aes_xts_aesni();
+#elif defined(SPARC_AES_CAPABLE)
+ aes_xts_hw = ossl_prov_cipher_hw_aes_xts_t4();
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
+ aes_xts_hw = ossl_prov_cipher_hw_aes_xts_rv64i();
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
+ aes_xts_hw = ossl_prov_cipher_hw_aes_xts_rv32i();
+#endif
+
+ if (aes_xts_hw == NULL)
+ return &aes_generic_xts;
+
+ return aes_xts_hw;
}